Apple may soon face a backlash related to user privacy following its iTunes Plus launch, according to early rumblings online.
As users began experimenting with the premium, DRM-free downloads from EMI artists on Wednesday, an interesting discovery soon surfaced. The unprotected, higher-quality files may lack digital locks-and-keys, but they contain information identifying the purchaser. Specifically, the username and related email address are embedded into the file, and it remains unclear whether the information can easily be wiped away. Bloggers quickly demonstrated the information by running some simple unix commands, a discovery that ignited a small firestorm of protest. “Sure, you can now download music from the iTunes Store without DRM but that doesn’t mean you should just willy nilly start sharing that music with your friends,” blogged Erica Sadun of The Unofficial Apple Weblog (TUAW). “For one thing, it’s illegal. For another, your account information is embedded into that m4a music file.”
The embedded information is also found on DRM-protected, 99-cent downloads, and an integral part of the Apple FairPlay architecture. In a protected context, the identifying information helps to ensure that files stay within their prescribed boundaries, though the embedded identifiers have a less function in a DRM-free file. “And they wonder why we hate them,” blasted influential industry critic Bob Lefsetz, the beginning of a vitriolic email attack. The information could be used to track file-sharing individuals, though it remains unclear if the data will be employed in such a manner. Regardless, users may become a bit weary following the discovery, especially considering the potential liabilities involved. The privacy concerns could also prompt a response from Apple, depending on the level of attention the discovery ultimately generate